Job Description

###

Description

We are seeking an experienced and highly capable Information Security Manager to lead our day-to-day information security operations, reporting directly to the Director of Information Security.

This is a hands-on role requiring a deep understanding of security practices particularly for cloud environments. The successful candidate will play a key role in safeguarding our organisation by working collaboratively with internal teams and external partners to manage information security, governance, and cyber risk.

In this role, you will be responsible for ensuring that our security position aligns with organisational goals, regulatory requirements, and recognised industry standards. This position offers a unique opportunity to influence our security strategy while providing expert guidance and operational oversight across the business.###

Key Responsibilities

Working alongside our experienced team of industry experts, you will be responsible for:Co -creation of an information security improvement program to ensure the risk profile matures in line with business objectives and the threat landscape, maintaining ongoing compliance with relevant accreditations (e.g. ISO27001, Cyber Essentials, PCI DSS). Overseeing the implementation, maintenance and assurance of security controls across the business in line with company objectives, information security strategy and security architectural principles. Supporting the business with information security risk identification and treatment within the context of the latest threats, conducting regular risk assessments, threat modelling, overseeing mitigation strategies and preparing management reports detailing the state of the risk. Contributing to the development of security policies, standards, and frameworks across the organisation, working with teams to influence embedding them into the business. Providing information security requirements to Cifas' third parties and obtaining assurance that they are protecting company assets, as well providing assurance to members regarding Cifas' information security. Leading the technical response to a security incident and ensuring the information security of BCP, as well as developing response plans that are reviewed and tested regularly. Creating and delivering relevant information security training & awareness material as part of a wider program designed to drive a culture of security awareness across the organisation.


###

Skills, Knowledge and Expertise

To be successful in this role, you will have:Exceptional understanding of cloud security architecture principles and emerging threats Experience with major cloud platforms (AWS, GCP, Azure) and cloud-native security tools A strong background in threat modelling and risk assessment across applications and infrastructure Knowledge of Application Security, including secure coding and vulnerability management Proven track record integrating security into DevOps practices and CI/CD pipelines Expertise in corporate security technologies (IAM, EDR, network security) Experience designing and implementing comprehensive security solutions Knowledge of key security frameworks (ISO 27001, NIST CSF, CIS Controls) Excellent communication skills, particularly in translating technical concepts for business stakeholders A recognised security certificate is preferred but not essential (e.g. CISM, CISSP)


###

Benefits

In return for helping us take the fight to fraud, all our employees receive an impressive benefit package, which includes:Remote working with approximately 2 days a month in the London office. Generous annual leave allowance plus the bank holidays Private healthcare Excellent pension package through salary sacrifice Personal and professional growth Employee wellbeing services - Wellbeing hub access with resources to various online exercise content, meditation guides, sleep stories and yoga.
We have introduced agile ways of working, allowing teams to decide how best they work, while ensuring regular opportunities to collaborate and innovate. We create an environment to help you to unleash your potential and perform the most rewarding work of your career, whist keeping your wellbeing at the foremost with initiatives in place to promote the wellness of our people.

We are committed to building a diverse and inclusive culture and have dedicated inclusion champions across the business to celebrate and promote our uniqueness. We also have a dedicated team of volunteers looking for innovative ways to give back as part of our commitments under our Corporate Social Responsibility. We are delighted to be recognised in the 2021, 2022 and 2024 best companies to work for listings. We have also been awarded the Investors In People Gold accreditation.

If you are passionate about our purpose and would like an opportunity to make a valuable contribution to fraud prevention, we would like to hear from you.###

About Cifas

Cifas is the UK's leading fraud prevention service, managing the largest database of instances of fraudulent conduct in the country. Our members are organisations from all sectors, sharing their data across those sectors to reduce instances of fraud and financial crime. Operating as a not-for-profit means our teams put all their efforts into our mission of fighting fraud, rather than creating a financial return for shareholders.

Fraud presents a serious and significant threat to the UK and our role in protecting businesses, the public and the economy from fraud is now more important than ever before. As a result, we have ambitious plans to innovate and create new services and products that will significantly improve the way that we and our members tackle fraud.

Our employees play a crucial part in ensuring we remain the UK's leading fraud prevention service, whilst also ensuring our members remain at the heart of everything we do.